Metawerx News Archive 2011 - Follow us on Twitter for latest updates!

30-Dec-2011 Metawerx System Release: SSL Expiry Check

We have added a new subsystem today which will check your SSL Certificate expiry date.

The following conditions are checked and reported on:

  • certificates that expired today or within the last 7 days (reported daily)
  • certificates expiring within the next 30 days (reported weekly)
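
The two reporting windows listed above can be expressed as follows. This is an added example, not Metawerx's own code: the function names, sample domains and dates are constructed for illustration, and the notAfter strings use the format returned by Python's ssl module.

```python
import socket
import ssl
from datetime import datetime, timedelta, timezone

EXPIRED_WINDOW = timedelta(days=7)    # expired today or within the last 7 days
EXPIRING_WINDOW = timedelta(days=30)  # expiring within the next 30 days

def parse_not_after(not_after):
    """Parse a notAfter string as returned by getpeercert(),
    e.g. 'Dec 30 12:00:00 2011 GMT', into an aware UTC datetime."""
    seconds = ssl.cert_time_to_seconds(not_after)
    return datetime.fromtimestamp(seconds, tz=timezone.utc)

def classify(not_after, now):
    """Return (status, report_frequency); frequency is None when no report is due."""
    expires = parse_not_after(not_after)
    if expires <= now:
        if now - expires <= EXPIRED_WINDOW:
            return ("expired", "daily")
        return ("expired-earlier", None)  # older than the 7-day window
    if expires - now <= EXPIRING_WINDOW:
        return ("expiring", "weekly")
    return ("ok", None)

def fetch_not_after(host, port=443, timeout=10):
    """Read notAfter from a live server. Verification stays on, so a
    certificate that has already expired raises ssl.SSLCertVerificationError;
    treat that exception as a finding in its own right."""
    context = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with context.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]

def build_report(certs, now):
    """certs maps domain -> notAfter string. Returns the rows to send:
    (domain, status, frequency, days until expiry; negative once past)."""
    rows = []
    for domain, not_after in sorted(certs.items()):
        status, frequency = classify(not_after, now)
        if frequency is not None:
            days = (parse_not_after(not_after) - now).days
            rows.append((domain, status, frequency, days))
    return rows

# Constructed sample data, not real certificates.
SAMPLE_NOW = datetime(2011, 12, 30, 12, 0, 0, tzinfo=timezone.utc)
SAMPLE_CERTS = {
    "shop.example.com": "Dec 27 12:00:00 2011 GMT",  # expired 3 days ago
    "www.example.com": "Jan 20 12:00:00 2012 GMT",   # expires in 21 days
    "api.example.com": "Nov  1 12:00:00 2012 GMT",   # more than 30 days left
    "old.example.com": "Dec  1 12:00:00 2011 GMT",   # expired 29 days ago
}

if __name__ == "__main__":
    for row in build_report(SAMPLE_CERTS, SAMPLE_NOW):
        print(row)
```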

We have a number of users (including larger clients!) who contact us in a panic when their SSL certificates expire. We've been working with one of our clients today with this problem, which prompted us to develop this new subsystem.

In addition to having your certificate expire, the Certificate Authority (CA) can move very slowly, even when just renewing a certificate. Their authorisation process can also change every few years (for example, at Thawte it's no longer possible to use ssladmin@ as the email address for automatic authorisation). All these delays add up to more downtime for your SSL security, which can mean your entire online shop is effectively offline. Over Christmas and New Year, there can be even more delays!

Certificate Authorities notify their customers when an SSL certificate is about to expire, so why do our customers let them expire?

These are the reasons we have discovered:

  • The CA only contacts you when your certificate expires, so they have out-of-date details (eg: old email address, old domain)
  • The notification has gone to the wrong person (eg: the old technical contact, or the admin assistant who ordered it)
  • The notification has been filtered as SPAM
  • The warnings are simply ignored because they come up to a year in advance, and keep coming
  • The warnings are ignored because the customer is unsure if the company contacting them is actually their CA

As a result, your SSL certificate can expire suddenly without warning, and the first you hear about it is when you visit your own website and see a warning, or worse yet, when you find out from one of your users.

SSL Certificate Checks are a new feature at metawerx, to ensure your website remains stable and reliable. They are sent to the Technical and Billing Contacts on your account.

If your SSL certificate has issues, it reduces the trust that users have in your website or application, so hopefully we can save you some stress and embarrassment!

21-Dec-2011 Metawerx System Release: Java Application Health Check

Metawerx is proud to release our new Java Application Health Check system this week.

This system can be used to quickly analyse your configuration and application for serious errors.

You will notice that the new system is available in our online control panel (SiteWinder) under the App Health Check link, and we will also be sending weekly email alerts.

The following areas are checked and reported on:

  • your database connection pool size configuration (6 types of checks)
  • abandoned database pool connections from DBCP (2 types of checks)
  • database access denied errors (login errors)
  • recent, or recurring MySQL syntax errors
  • your log4j configuration paths (4 types of checks)
  • excessive disk usage by log files
  • excessive System logging which may affect your performance
  • excessive SEVERE, Exception and Error messages in System logs
  • OutOfMemoryErrors in logs, and their types
  • AccessControlExceptions in logs (security errors)
  • web.xml error-page directives

These types of issues indicate a problem with your application which may not become apparent unless your site is busy, or errors which could prevent your application from running at all. When your application appears to be running well, checking logs is boring work, so hopefully we can make things easier for you!

We don't report every exception or error in your logs, as there are bound to be numerous small issues with any project, especially one under constant development. However, we will try to alert you to anything important we find, such as the more serious issues in the above list, or issues that are being reported excessively.

To ensure your application is running at its best, check your System Logs and Private System Logs for errors and exceptions, and ensure log4j is never set to DEBUG logging unless you are tracking a specific bug. DEBUG logging will reduce JVM performance and disk performance due to excessive writes, so switch it off when you're not using it.
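
An added example (not the Health Check's own code) of the log-based checks in the list above, run over constructed sample log lines. The category names and the two thresholds are assumptions; the matched strings are the standard JVM and MySQL error messages.

```python
import re
from collections import Counter

# Patterns for the log-based checks. Category names are this example's own.
CHECKS = [
    ("oom", re.compile(r"java\.lang\.OutOfMemoryError: (.+)")),
    ("access_control", re.compile(r"AccessControlException: access denied \((.+)\)")),
    ("db_access_denied", re.compile(r"Access denied for user '([^']*)'")),
    ("sql_syntax", re.compile(r"You have an error in your SQL syntax")),
    ("severe", re.compile(r"^SEVERE: ")),
    ("debug", re.compile(r"\bDEBUG\b")),
]

def scan(lines):
    """Count matches per category, and per (category, detail) where the
    pattern captures one (OOM type, denied permission, database user)."""
    counts, details = Counter(), Counter()
    for line in lines:
        for name, pattern in CHECKS:
            match = pattern.search(line)
            if match:
                counts[name] += 1
                if match.groups():
                    details[(name, match.group(1).strip())] += 1
    return counts, details

def findings(lines, severe_limit=2, debug_share=0.25):
    """Return sorted (category, detail, count) rows worth alerting on.
    severe_limit and debug_share are assumed thresholds for 'excessive'."""
    lines = list(lines)
    counts, details = scan(lines)
    rows = [(name, detail, n) for (name, detail), n in details.items()]
    if counts["sql_syntax"]:
        rows.append(("sql_syntax", "", counts["sql_syntax"]))
    if counts["severe"] > severe_limit:
        rows.append(("severe", "excessive", counts["severe"]))
    if lines and counts["debug"] / len(lines) > debug_share:
        rows.append(("debug", "DEBUG logging is on", counts["debug"]))
    return sorted(rows)

# Constructed sample log (Tomcat JULI and log4j style lines).
SAMPLE_LOG = """\
Dec 21, 2011 10:15:32 AM org.apache.catalina.core.StandardWrapperValve invoke
SEVERE: Servlet.service() for servlet jsp threw exception
java.lang.OutOfMemoryError: Java heap space
Dec 21, 2011 10:16:01 AM org.apache.catalina.core.StandardWrapperValve invoke
SEVERE: Servlet.service() for servlet jsp threw exception
java.lang.OutOfMemoryError: PermGen space
java.security.AccessControlException: access denied (java.io.FilePermission /home/other/app.properties read)
java.sql.SQLException: Access denied for user 'shop'@'localhost' (using password: YES)
2011-12-21 10:16:05,120 DEBUG [com.example.CartDao] loading cart 42
2011-12-21 10:16:05,121 DEBUG [com.example.CartDao] loading cart 43
2011-12-21 10:16:05,122 DEBUG [com.example.CartDao] loading cart 44
2011-12-21 10:16:05,123 DEBUG [com.example.CartDao] loading cart 45
""".splitlines()

if __name__ == "__main__":
    for row in findings(SAMPLE_LOG):
        print(row)
```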

And of course, if you ever need any assistance at all, please don't hesitate to contact us directly!

20-Dec-2011 Increase in SPAM - Solved

While investigating a large increase in spam over the last week, we have found the problem was caused by an incompatibility with Google DNS and SpamHaus. One of our secondary mail servers uses (used!) Google DNS and since Dec-14 we can see no SpamHaus queries succeeding.

Others have reported similar problems

Most SPAM is blocked by SpamCop but SpamHaus usually does a good job of finding the other 30% or so, and does an excellent job when SpamCop is slow in picking up new bot networks.

We have now removed the Google DNS entry on the secondary mailserver and can confirm that SpamHaus queries are now succeeding again.
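
A monitoring check for this failure mode is shown below as an added example (not Metawerx's code). It relies on the RFC 5782 test entries, which require an IPv4 DNSBL to list 127.0.0.2 and not 127.0.0.1. The zone names zen.spamhaus.org and bl.spamcop.net and the two stand-in resolvers are assumptions, not taken from this page.

```python
import socket

def dnsbl_name(ip, zone):
    """Build a DNSBL query name: IPv4 octets reversed, then the list's zone."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) < 256 for o in octets):
        raise ValueError("not an IPv4 address: %r" % (ip,))
    return ".".join(reversed(octets)) + "." + zone

def system_lookup(name):
    """A-record lookup through the host's configured resolver.
    Returns None when there is no answer (NXDOMAIN or a failed lookup)."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def check_dnsbl(zone, lookup=system_lookup):
    """Health-check one DNSBL through the resolver behind `lookup`.
    RFC 5782 requires an IPv4 DNSBL to list 127.0.0.2 and not 127.0.0.1."""
    must_list = lookup(dnsbl_name("127.0.0.2", zone))
    must_not_list = lookup(dnsbl_name("127.0.0.1", zone))
    if must_list is None:
        return "no-answers"        # the failure described above: nothing is listed
    if not must_list.startswith("127."):
        return "bogus-answer"      # e.g. a resolver that rewrites NXDOMAIN
    if must_not_list is not None:
        return "lists-everything"  # wildcarded or error-code answers
    return "ok"

def check_all(zones, lookup=system_lookup):
    """Return {zone: status} for every list the mail server depends on."""
    return {zone: check_dnsbl(zone, lookup) for zone in zones}

# Constructed stand-ins for two resolvers, so the example runs offline.
def healthy_resolver(name):
    return "127.0.0.2" if name.startswith("2.0.0.127.") else None

def blocked_resolver(name):
    # Models the incident: Spamhaus lookups never return a listing,
    # while lookups against the other list still work.
    if name.endswith(".zen.spamhaus.org"):
        return None
    return healthy_resolver(name)

ZONES = ["zen.spamhaus.org", "bl.spamcop.net"]  # assumed zone names

if __name__ == "__main__":
    print(check_all(ZONES, healthy_resolver))
    print(check_all(ZONES, blocked_resolver))
```

Run with the default `system_lookup` on each mail server, since the result depends on which resolver that host is configured to use.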

14-Dec-2011 JDK1.6.0_30, JDK1.7.0_02 Released

The following upgrades are now available:

  • Java 1.6.0_30 (improved performance and stability, bug fixes)
  • Java 1.7.0_02 (improvements to startup time, Java HotSpot Virtual Machine v22 improving reliability and performance)

13-Dec-2011 Monitoring and JVM Restart Improvements

We have released a series of monitoring improvements today which tie in to SiteWinder and our Failover System.

  • SiteWinder-based JVM restarts are now up to 40 seconds faster.
  • SiteWinder-based JVM restarts now attempt to maintain sessions across restarts. Your users will receive the failover page, which automatically refreshes and returns them to their shopping cart or logged in session (where possible).
  • Automatic failback from failover mode is now faster, thanks to new checks based on logs, open ports and CPU usage, with improvements ranging from 4s to 90s on larger JVMs which use Hibernate. Failback now happens as soon as your JVM is responsive again, instead of after a predetermined interval and the first open-port check.

9-Dec-2011 MySQL 5.5.19 Released, Disk Space increase, RAM boost on large plans

The following upgrades are now available:

  • MySQL 5.5.19

We have also increased disk space on all hosting plans above the Budget Plan by approximately 80-100% today due to the reduced prices of quality RAID storage. All existing customers have been automatically upgraded (not that this really affects anyone since most users are either well below their storage limit or have not been charged for disk over-usage during the last 14 years!).

In addition, some plans have had RAM boosted recently as follows:

  • Starter 64mb to 96mb
  • Developer/Database 128mb to 160mb
  • UltraVM 1.5gb to 2gb
  • HyperVM 2gb to 4gb

6-Dec-2011 Local DNS resolvers now using DNSSEC

Our local DNS resolvers are used to find the IP address of sites which your application connects to, and also when sending email.

These have been upgraded with DNSSEC today, to provide an extra layer of security when connecting to DNSSEC-enabled domains.

We have also enabled DLV support.

5-Dec-2011 Tomcat 7.0.23 / 6.0.35 Now Available

We have a workaround for the deadlock in Tomcat 7.0.23 startup and it is now available to all customers.

Tomcat 6.0.35 has also been released today and is now available.

30-Nov-2011 Metawerx System Release: Epic Failover

Metawerx is proud to announce that we have completed the initial implementation of an exciting new system for improved uptime.

Usually reserved only for large companies with dedicated server clusters, we are bringing simple failover to all our hosted customers free of charge.

What is it?

  • Advanced monitoring and failover for your website
  • Instead of seeing a browser error when your VM is offline, users accessing your site will be directed to our failover device

When is it used?

  • Automatically when your JVM is offline: during maintenance, manual restarts from SiteWinder, or monitor-initiated restarts whenever there is a problem detected with your JVM by our monitoring software
  • Manually on demand: when you want to temporarily take your site offline (eg: starting a large hibernate application)


  • Your website never appears "offline" to your users during JVM restarts or maintenance
  • Users are reassured that you are in control of the situation and that the website will be available again shortly
  • It's automatic
  • It's simple
  • It's free for HTTP! (SSL-based failover requires an additional dedicated IP address if you want your own SSL certificate served up)


Automatic Metawerx Default Failover Page

Customised Failover Page

  • Free - send us your URL
  • You can include images, CSS, JavaScript, movies, etc..
  • You can also have a page displaying products from your database, reviews, articles etc..
  • We will snapshot your page directly into our failover device, including all dependent resources

Full Automatic Failover/Failback to secondary JVM

  • This option requires an additional JVM on your hosting plan
  • Choose from a discounted low-usage secondary JVM, or a standard-size secondary JVM for load-balancing
  • Failover to the secondary JVM and Failback to your standard JVM is free of charge and automatic

Ideas - Making the most of maintenance periods

  • Maintain your visitors' attention during temporary outages by providing specials, deals, or articles on your Failover Page while your JVM restarts
  • Provide users with a discount coupon for use in your online-shop on your Failover Page, turning any disruption of services into a benefit for the user and increasing their chance of making a purchase
  • CMS operators and Resellers - create custom Failover Pages for each of your customer domains

Tell me more!

28-Oct-2011 Tomcat 7.0.23 Released

Tomcat 7.0.23 has been released but has a deadlock when starting. We will not be making this version available to customers at this stage.

Please see the change logs at Apache for details.

27-Nov-2011 MySQL 5.5.18 Released

The following upgrades are now available:

  • MySQL 5.5.18

25-Oct-2011 JDK1.6.0_29, JDK1.7.0_01, MySQL 5.5.17 Released

The following upgrades are now available:

  • Java 1.6.0_29 (security release)
  • Java 1.7.0_01 (security release)
  • MySQL 5.5.17

14-Oct-2011 Ubuntu 11.10 Released - (Oneiric Ocelot)

The new edition of Ubuntu was released yesterday and we have upgraded some servers already.

The server upgrade went very smoothly, as it did with Maverick and Natty.

This version includes Linux Kernel 3.0 and OpenSSL 1.0.0e.

1-Oct-2011 Tomcat 7.0.22 Released

We have upgraded managed Tomcat accounts to the latest releases:

  • Tomcat 7.0.22

Please see the change logs at Apache for details.

28-Sep-2011 MySQL 5.5 now available!

We now have a shared MySQL 5.5 server available, as well as the ability to install dedicated MySQL 5.5 instances.

To upgrade, simply send us an email and we'll move you over to the new server.

Subqueries on MySQL 6.0 (currently in development) now use indexes correctly. This was always a major problem with MySQL. The changes have been backported to 5.5, so now queries containing subqueries are much faster. All Metawerx internal systems have been upgraded to MySQL 5.5 and we have noticed a large performance increase in these areas.

An example of a subquery is as follows:

-- get a list of all document creators
select id from users where id in (select creator_user_id from documents)

26-Sep-2011 Tomcat 5.5.34 Released

Current versions available for hosting are now:

  • Tomcat 7.0.21
  • Tomcat 6.0.33
  • Tomcat 5.5.34

Please see the change logs at Apache for details.

26-Sep-2011 End of Life (EOL) for Tomcat 5.5 and Java 6

Apache have announced that support for Tomcat 5.5.x will end on 30 September 2012, meaning bug fixes and security patches will no longer be available after that time.

Oracle have also announced that Java SE 6 will no longer be publicly available after July 2012.

We therefore recommend our Tomcat 5.5 customers start testing their applications and migrating to Tomcat 6.0, or 7.0 if possible, and also start testing against Java 7 to stay current.

We will continue to support these platforms for the foreseeable future, but as bug fixes and security patches will become unavailable, customers who wish to remain on these versions will be at higher risk.

22-Sep-2011 New Feature - SSL Cipher Selection

You can now select your SSL Security Level, per domain, in the Domain Administration section of SiteWinder.

The following levels are supported:

  • Low (40/56+ bit encryption, very old browsers in Export-Restricted countries)
  • Medium (128+ bit encryption, default, IE6 support), 85-93 score on SSL Labs
  • High (256+ bit encryption, latest browsers only, no IE6 support), 89-97 score on SSL Labs

All domains have been set to the Medium level by default, eliminating any Export-level ciphers and of course SSLv2.

For internal systems which do not require access by the public, you can now easily switch to the strongest level of encryption available. All new browsers, iPad, iPhone and Android devices already work with our High-Encryption level, but for public-facing systems, Internet Explorer 6 is still used by 2-3% of the general internet so we recommend Medium level for now.

For the absolute highest SSL security, we have two additional levels of security available on Tomcat 7 / JDK 1.7 JVMs, but Tomcat does not currently support them so they are disabled for now. With a specially rebuilt version of Tomcat we have achieved a score of 98 at SSL Labs (currently the highest in the world) and can offer that version on demand (contact Metawerx Support). A score of 100 is also theoretically possible with this modified version, but SSL Labs currently cannot test a TLS 1.2-only server so a score of 98 is the maximum currently achievable.

Please note that this new option is only relevant for Metawerx-Managed Tomcat JVM customers. If you have a Semi-Managed or Self-Managed JVM, you will need to manually edit server.xml to alter the SSL security level. Please contact Metawerx Support in this case and we will help you to modify your JVM.

You can test your current SSL setup at SSL Labs

9-Sep-2011 SSL Upgrades

Over the last week, you may have noticed some of our customer tools have been converted to use SSL.

The first stage of this is now complete, and the following systems now all use SSL:

  • SiteWinder for all Metawerx hosting accounts
  • SiteWinder for most dedicated servers
  • phpMyAdmin
  • RoundCube IMAP webmail
  • InTouch POP3 webmail

In addition, we have made the following changes to hosted Tomcat accounts:

  • CSR generation has been upgraded from 2048 bit keys to 4096 bit keys
  • Tomcat instances now support 256 bit SSL ciphers (previously the highest was 128 bit)
  • Elliptic Curve Cryptography ciphers are now available, for faster SSL connections on the latest browsers and mobile phones/tablets
  • older 40bit and 56bit ciphers are now disabled by default
  • JDK1.7 users can benefit from TLSv1.1 and TLSv1.2 for added security on Opera and other browsers with support for TLS1.1+

We have also added a new Import Cert feature in Domain Administration where you can import your SSL certificates by yourself. This will let you see any problems with your SSL certificates immediately, and therefore speed up the installation of new SSL certificates on your site.

25-Aug-2011 Twitter

By the way - we're on Twitter now! Follow our news updates on Twitter for immediate updates!

23-Aug-2011 Java 7 is out - are you ready?

We now host Java 7, and if you are developing a new app, we recommend making it work with Tomcat 7 and Java 7.

Actually we've been hosting OpenJDK 1.7 for ages now, but finally Oracle has made it an official release :-)

"This release includes new features such as small language changes for improved developer productivity, a new Filesystem API, support for asynchronous I/O, a new fork/join framework for multicore performance, improved support for dynamic and script languages, updates to security, internationalization and web standards and much more." -

As usual, we are the first Java host in the world to make these new technologies available in a hosted environment!

We have also upgraded to the following recently (all the latest releases):

  • Tomcat 7.0.20
  • Tomcat 6.0.33
  • Tomcat 5.5.33
  • JDK 1.6.0_27
  • JDK 1.5.0_22
  • APR 1.4.5
  • Tomcat Native 1.1.22

Unfortunately, we've noticed JDK 1.7.0 has some incompatibilities which make some apps not perform correctly.

For example, this wiki (JSPWiki) seems to work fine, but if we run it on Java 7, it won't let me log in! Not the best first impression of the official Oracle release, but as they say, there are a few language differences so some apps may need a few changes to work properly. Still, it's the first official release, so it's best to stick to the more mature 1.6.0_x flavour for production sites for a while.

02-Apr-2011 Metawerx Wiki and internal software now running on Tomcat 7

We have moved the Metawerx Wiki and some of our internal software over to Tomcat 7.0.8 today. Performance feels a little snappier due to the new caching and perhaps the new ETag headers. The manager app has more features, and no compatibility problems with JSPWiki or our internal tools have been found so far.

Version 6.0.29 and up, and also Tomcat 7, required a few special security policy changes to make the Session list show in the Manager application - we've found a way to patch that, and so that's working fine as well now. If you've recently been upgraded to 6.0.32 and noticed the Session List was throwing a JSP error, it should now work. We've submitted a bug for the Apache Tomcat team to review as well. (edit: this has now been fixed by markt!)

If you are still running on Tomcat 5 or 6 and want to upgrade to Tomcat 7 to take advantage of the latest features, including the new Servlet 3.0 specification, the new JSP 2.2 specification and EL 2.2, please let us know. The minimum JDK version is 1.6.

Tomcat 7 also includes memory leak prevention and detection.

Java and Tomcat upgrades are always free of charge!

28-Feb-2011 New Europe Server

We now have a new server in Germany. If any of our customers would prefer to be hosted on that server, please contact us to start the transition process.

18-Feb-2011 PHP at Metawerx (on Tomcat!)

We love Java, and we decided long ago to focus on Java and not host PHP. There are already so many PHP hosts, and we wanted to stay focussed on Java hosting issues, Java performance and security.

However, thanks to the wonderful people at Resin, you can now run most PHP applications on your metawerx site using Quercus, the PHP compiler for Java.

Security: By using Quercus to run PHP at Metawerx, security is handled by your already secured metawerx java hosting account. PHP binaries are not used, because everything is recompiled into Java on the fly and run by the Java VM as 100% java instead.

Performance: PHP is compiled into java classes when you change it (like JSP) and then gets all the performance benefits from Java and the HotSpot compiler. According to performance reports, Quercus runs applications such as Drupal around 3.5-4x faster than a standard PHP install.

Integration: You can integrate your existing userbase with the WordPress, Drupal, MediaWiki or phpBB user databases to instantly enhance your user's capabilities on your site. There's even an API available to allow Java and PHP objects to communicate.

We have already created pages on how to install WordPress, phpBB and a few other popular software packages. We were unable to get Joomla to work with Quercus unfortunately, but I assume in the future most popular software will work out-of-the-box.

Please share your experiences with us about any other software you've installed successfully (or unsuccessfully!) and we'll add them to the wiki.
